import DOMPurify from "https://cdn.jsDelivr.net/npm/dompurify/+esm";
/**
 * Click handler for the demo button: writes HTML into three page elements.
 *
 * - #hhh receives a sample string carrying an inline `onerror` handler, passed
 *   through DOMPurify.sanitize() before it reaches innerHTML.
 * - #test and #test2 receive fixed literals defined in this function.
 *
 * innerHTML parses its argument as markup, so the sanitize step is the only
 * thing standing between the sample string and the DOM. The two literal writes
 * carry no outside data. DOMPurify is imported at the top of this file from a
 * CDN URL that names no version, so sanitizer behaviour follows whichever
 * release the CDN serves.
 */
function OClick() {
    // Looks up an element by id and replaces its content with `html`.
    // Callers must pass either a fixed literal or already-sanitized markup.
    const setHtml = (elementId, html) => {
        document.getElementById(elementId).innerHTML = html;
    };

    // Stand-in for untrusted input. DOMPurify's default configuration is
    // expected to drop the onerror attribute and keep the harmless ones.
    const sampleMarkup = '<img src="x" alt="aaa" onerror="alert(1)">';
    setHtml("hhh", DOMPurify.sanitize(sampleMarkup));

    // Static markup authored in this file; nothing here comes from outside.
    setHtml("test", "<strong>hello xtu!</strong>");

    setHtml("test2", `<ul>
    <li>你好</li>
    <li>你好</li>
    <li>你好</li>
    <li>你好</li>
    <li>鸟</li>
</ul>
    `);
}

// Wire up the demo: a click on the #co element runs OClick.
const coTrigger = document.getElementById("co");
coTrigger.addEventListener("click", OClick);